Abstract
To curb worm spread, it is vital to detect worms in time and restrict the victims' network behavior effectively. A worm detection and containment system for local networks is proposed. Normal service requests are characterized with the self-set, which is applied to monitor for suspicious service requests. The system correlates the suspicious service requests in the form of binary trees, and binary trees' anomaly values are monitored for worm attacks. Possible worm victims are determined from the binary trees. Based on the self-set, the worm victims' normal traffic is permitted while their worm activities are strictly contained. Experiments show the system contains worms effectively, and the detrimental effect of the system's deployment on normal network traffic is negligible.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
